SUBMISSION_ATTEMPTS=5
SUBMISSION_INITIAL_REST_INTERVAL=30 # seconds, will be doubled after each attempt
+#-----------------------------------------------------------------------------
+# Check for git repo changes within the last $MAX_GIT_REPO_AGE_HOURS hours
+#
+# It makes sense to set the value twice the 'cron' interval for the job (e.g.
+# if 'cron: @daily', then MAX_GIT_REPO_AGE_HOURS=48)
+
+if ! [[ "${MAX_GIT_REPO_AGE_HOURS:=0}" =~ ^[0-9]+$ ]]; then
+ echo '[ERROR] MAX_GIT_REPO_AGE_HOURS must be non-negative integer.' \
+ >&2
+ exit 1
+fi
+
+if [ ${MAX_GIT_REPO_AGE_HOURS:=0} -ne 0 ]; then
+ LAST_COMMIT_AGE=$(( $(date +%s) - $(git log -1 --pretty=format:%ct) ))
+
+ if [ $LAST_COMMIT_AGE -gt $(( MAX_GIT_REPO_AGE_HOURS *60*60 )) ]; then
+ echo '[NOTICE] Git repository did not have any commits last' \
+ "${MAX_GIT_REPO_AGE_HOURS} hours - no need to re-analyse it." \
+ >&2
+ exit 0
+ fi
+fi
+
#-----------------------------------------------------------------------------
# Process parameters for JS/TS/Python/Ruby/PHP files analysis
if [ -d "${SEARCH_PATH}" ]; then
FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS:=} --fs-capture-search '${SEARCH_PATH}'"
else
- echo "'${SEARCH_PATH}' from \$SEARCH_PATHS is not an existing directory." >&2
+ echo "[ERROR] '${SEARCH_PATH}' from \$SEARCH_PATHS is not an" \
+ "existing directory." \
+ >&2
exit 1
fi
done
| jq '.upload_permitted'
)
if [ x"${IS_COVERITY_UPLOAD_PERMITTED}" != x'true' ]; then
- echo "Upload quota reached. Next upload permitted at "$(echo "${CURL_OUTPUT}" | jq '.next_upload_permitted_at') >&2
+ echo "[WARNING] Upload quota reached. Next upload permitted at" \
+ $(echo "${CURL_OUTPUT}" | jq '.next_upload_permitted_at') \
+ >&2
exit 1
fi
fi
--fail \
--form "project=${COVERITY_PROJECT_NAME}" \
--form "token=${COVERITY_TOKEN}" \
- --output 'coverity_tool.tgz' \
+ --output '/tmp/coverity_tool.tgz' \
'https://scan.coverity.com/download/linux64'
curl \
--form "project=${COVERITY_PROJECT_NAME}" \
--form "token=${COVERITY_TOKEN}" \
--form 'md5=1' \
- --output 'coverity_tool.md5' \
+ --output '/tmp/coverity_tool.md5' \
'https://scan.coverity.com/download/linux64'
-echo -n ' coverity_tool.tgz' >> 'coverity_tool.md5'
-md5sum --check 'coverity_tool.md5'
+echo -n ' /tmp/coverity_tool.tgz' >> '/tmp/coverity_tool.md5'
+md5sum --check '/tmp/coverity_tool.md5'
tar \
--extract \
--gunzip \
- --file='coverity_tool.tgz'
+ --file='/tmp/coverity_tool.tgz' \
+ --directory='/tmp'
-COVERITY_BUILD_TOOL_DIRECTORY=$(
+COVERITY_BUILD_TOOL_DIRECTORY='/tmp/'$(
head -1 <( \
tar \
--list \
--gunzip \
- --file='coverity_tool.tgz'
+ --file='/tmp/coverity_tool.tgz'
)
)
COVERITY_BINARY_DIRECTORY="${COVERITY_BUILD_TOOL_DIRECTORY}bin"
|| exit 1
export PATH="${PATH}:${COVERITY_BINARY_DIRECTORY}"
-rm 'coverity_tool.tgz'
+rm '/tmp/coverity_tool.tgz'
#-----------------------------------------------------------------------------
# Build
| sort \
> 'cov-int/scm-untracked-files.txt'
+if [ -s 'cov-int/scm-untracked-files.txt' ]; then
+ echo '[WARNING] There are some files analysed but not tracked by SCM repository.' \
+ 'There might be 3rd-party or auto-generated sources. See details in' \
+ '"cov-int/scm-untracked-files.txt" file.' \
+ >&2
+fi
+
#-----------------------------------------------------------------------------
# Submit results to Coverity service
HTTP_RESPONSE=$(echo -n "${CURL_OUTPUT}" | head -n -1 | tr -d '\n')
if [ x"${HTTP_RESPONSE}" != x"Build successfully submitted." ]; then
- echo "Coverity Scan service responded with '${HTTP_RESPONSE}' while 'Build successfully submitted.' expected." >&2
+ echo "[ERROR] Coverity Scan service responded with '${HTTP_RESPONSE}'" \
+ "while 'Build successfully submitted.' expected." \
+ >&2
exit 1
fi
+
+ echo "[INFO] Build successfully submitted to Coverity Scan server." >&2
fi
#-----------------------------------------------------------------------------
-
exit 0